Re: WG Review: Recharter of Hypertext Transfer Protocol Bis (httpbis)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Barry Leiba wrote:
browser id, openid, and oauth are all authentication frameworks built
on top of HTTP


OAuth is an authorization framework, not an authentication one.  Please be
careful to make the distinction.

What we're looking at here is the need for an HTTP authentication system
that (for example) doesn't send reusable credentials, is less susceptible
to spoofing attacks, and so on.

Hi Barry, maybe I should review the drafts (or not), but if its hasn't been considered, this sounds like the only way possible is with a persistent IP connection session management concept.

I can relate it based on our PCI framework for the web server and much of the modeling was based on our existing non-http multi-device hosting servers already 100% based on a persistent connection IP or line, channel. Definitely works in areas where only one browser or machine is allowed.

I was looking forwarding to further exploring WebSockets to possible be part of (revitaling) this solution as well, since it work nicely with the persistent IP concept with the backend.

On a related note, some web sites do this and I first saw it with facebook where it knows where I am logging in from. In a recent philly trip, I tried to log on and interestingly got a new login form where it indicated I was at a different location. I had to verify who I was again, if I recall via my email/login account at gmail.com.

--
Sincerely

Hector Santos
http://www.santronics.com
jabber: hector@xxxxxxxxxxxxxxx


_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]